Merge main to live #3505
Pull Request Overview
This PR adds comprehensive documentation for NuGet HTTPS enforcement and improves package auditing documentation. The main changes include:
- A new documentation page explaining NuGet's HTTPS Everywhere policy and how to handle HTTP sources
- Enhanced error documentation with additional scenarios for NU1302
- Expanded guidance on handling package vulnerabilities with transitive dependencies
- Added GitHub Copilot Agent integration documentation for the NuGet MCP Server
Reviewed Changes
Copilot reviewed 6 out of 11 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| docs/consume-packages/nuget-https-everywhere.md | New comprehensive guide on NuGet HTTPS enforcement, error handling, and opt-out options |
| docs/reference/errors-and-warnings/NU1302.md | Added Scenario 2 for HTTP resources in HTTPS sources |
| docs/reference/errors-and-warnings/NU1901-NU1904.md | Updated link to point to new auditing packages documentation |
| docs/concepts/Auditing-Packages.md | Added detailed guidance on finding transitive package paths and updated vulnerability resolution steps |
| docs/concepts/NuGet-MCP-Server.md | Added GitHub Copilot Agent configuration instructions |
| docs/TOC.md | Added new HTTPS Everywhere documentation to table of contents |
| docs/concepts/media/*.png | Added supporting images for documentation |
| This error occurs when one or more package sources in your configuration use an **HTTP** URL instead of **HTTPS**. | ||
|
|
||
| In earlier NuGet versions, this scenario produced a **warning** ([`NU1803`](../reference/errors-and-warnings/nu1803.md)). | ||
| Beginning with [**NuGet 6.12**](../release-notes/NuGet-6.12.md) and later, it now results in an **error** unless the use of HTTP sources is explicitly permitted. |
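Review bot: "Beginning with NuGet 6.12 and later, it now results in an error" on the last line is redundant: "Beginning with" already covers later versions, and "now" will date the sentence. "Beginning with NuGet 6.12, this results in an error unless the use of HTTP sources is explicitly permitted" says the same thing. The phrase "explicitly permitted" also leaves the reader who hits this error without the name of the setting that permits HTTP sources; name it or link to the opt-out section at this point.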
Copilot
AI
Nov 7, 2025
Extra space before [NuGet 6.12]. Should be single space after 'with'.
| Beginning with [**NuGet 6.12**](../release-notes/NuGet-6.12.md) and later, it now results in an **error** unless the use of HTTP sources is explicitly permitted. | |
| Beginning with [**NuGet 6.12**](../release-notes/NuGet-6.12.md) and later, it now results in an **error** unless the use of HTTP sources is explicitly permitted. |
docs/concepts/Auditing-Packages.md
Outdated
| The easiest case is when a package you reference directly has the known vulnerability. | ||
| In this situation, update the package version to one that fixes the vulnerability. |
Copilot
AI
Nov 7, 2025
Extra space at the end of line 186. The period should be followed by a single space before the next sentence, not a period-space-newline-In.
| The easiest case is when a package you reference directly has the known vulnerability. | |
| In this situation, update the package version to one that fixes the vulnerability. | |
| The easiest case is when a package you reference directly has the known vulnerability. In this situation, update the package version to one that fixes the vulnerability. |
PoliCheck Scan Report

The following report lists PoliCheck issues in PR files. Before you merge the PR, you must fix all severity-1 and severity-2 issues. The AI Review Details column lists suggestions for either removing or replacing the terms. If you find a false positive result, mention it in a PR comment and include this text: #policheck-false-positive. This feedback helps reduce false positives in future scans.

✅ No issues found

More information about PoliCheck

Information: PoliCheck | Severity Guidance | Term
Learn Build status updates of commit 8936bc9:
| File | Status | Preview URL | Details |
|---|---|---|---|
| docs/reference/errors-and-warnings/NU1302.md | | View | Details |
| docs/concepts/Auditing-Packages.md | ✅Succeeded | View | |
| docs/concepts/media/dotnet-nuget-why-1.png | ✅Succeeded | View | |
| docs/concepts/media/github-copilot-agent-settings.png | ✅Succeeded | View | |
| docs/concepts/media/pm-ui-transitive-tooltip-1.png | ✅Succeeded | View | |
| docs/concepts/media/vs-solution-explorer-search-options-1.png | ✅Succeeded | View | |
| docs/concepts/media/vs-solution-explorer-search-results-1.png | ✅Succeeded | View | |
| docs/concepts/NuGet-MCP-Server.md | ✅Succeeded | View | |
| docs/consume-packages/nuget-https-everywhere.md | ✅Succeeded | View | |
| docs/reference/errors-and-warnings/NU1901-NU1904.md | ✅Succeeded | View | |
| docs/TOC.md | ✅Succeeded | View |
docs/reference/errors-and-warnings/NU1302.md
- Line 70, Column 80: [Warning: file-not-found - See documentation]
Invalid file link: '../../api/overview'.
For more details, please refer to the build report.
Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.
No description provided.